x64_dbg Chinese edition is a debugger for Windows that supports both 32-bit and 64-bit programs. DBG is the debugging part of the debugger. It handles debugging (using TitanEngine) and provides data for the GUI. GUI is the graphical part of the debugger. It is built on Qt and provides the user interaction. Bridge is the communication library for the DBG and GUI parts (and possibly more parts in the future). The bridge can be used to work on new features without having to update the code of the other parts. x64_dbg is easy to use and completely free of charge, and the author works hard on it, releasing updates every week. The site editor has long kept the latest version available here, following the author's regular updates, and provides the Chinese version for everyone!

The debugger (currently) has three parts:

DBG

GUI

Bridge

Features

Basic features

Full-featured debugging of DLL and EXE files (TitanEngine Community Edition)

X64_dbg installation tutorial

About the installation

1. Download the package, extract it, then double-click x96dbg.exe in the release directory to open the software.
2. You can run the 32-bit or 64-bit version directly, but installing is recommended because it makes opening programs much more convenient later. To install, click Yes.
3. Click Yes.
4. Click Yes.
5.
6. Click OK.
7. The 32-bit and 64-bit programs now appear on the desktop.

Usage tutorial. Taking x64dbg itself as the example, load the main program x64dbg.exe into the software, the software can be

Usage help

Q: Why does the attach dialog not show process X?

Answer: If x64dbg cannot get a handle to the process, the process will not be shown in the attach dialog. Go to the settings and make sure the Enable Debug Privilege option is enabled on the Engine tab. Also make sure to run x64dbg as administrator. If your process is still not shown and you are running Windows 8.1 or higher, make sure the process is not protected by the kernel. Such protection can be removed by a kernel driver (such as PPLKiller).

Q: Help, I cannot change the command line of the target program!

Q: How do I pass arguments to the program I want to debug?

Answer: Use the File -> Change Command Line option.

Q: Building x64dbg is very complicated, please help me!

A: A guide for building x64dbg is provided here. If you follow its steps correctly, compiling x64dbg should be no problem.

Q: How do I contribute?

Answer: See this page for more information on how to contribute.

Q: How do the commands mentioned in the help work?

Answer: Basically, commands work much like assembly instructions (arguments are separated by commas). mov eax, 0x1234 is a valid command. You enter them in the command bar (not on the command line of x64dbg).

Q: Does x64dbg create entries in the registry or files in system directories? Or is it portable (like OllyDbg)?

A: Unlike OllyDbg, x64dbg is completely portable (all paths are relative to the x64dbg executable, whereas Olly uses absolute plugin and UDD paths). This means that you can copy x64dbg.ini anywhere without changing anything.

By default, x64dbg does not create any registry keys. However, if it is set as the JIT debugger, it will change the key. The same applies to x96dbg.exe (it creates the Debug with x64dbg entry in the File Explorer context menu).

Q: How do I remove the Debug with x64dbg entry from the context menu?

Answer: Download and execute the regfile (remember to use Save as...).

Q: How do I attach x64dbg to a process automatically when the process starts?

Answer: This can be achieved with the Image File Execution Options registry key. You can use the GFlags utility to do this from a graphical user interface.

Q: How do I use PLMDebug with x64dbg?

Answer: plmdebug /enableDebug "C:\path\to\x64dbg\release\x96dbg.exe" (you can also use x32dbg.exe or x64dbg.exe; x96dbg.exe automatically selects the correct architecture). For more information, see issue 1698.

Q: Why do I keep getting the 0/X patch(es) applied! message box?

A: You are probably trying to patch a part of a section that is not on disk (SizeOfRawData is zero, or the patch lies after the end of the section's data on disk). To confirm, check whether the address you are patching has a file offset.
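
The check described in this answer, as an added example (not x64dbg's own code): it maps a relative virtual address (RVA) to a file offset using the PE section table and reports why an address has no bytes on disk. The section table is constructed sample data, and the function names are hypothetical.

```python
import struct

# IMAGE_SECTION_HEADER: Name[8], VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, then 16 bytes not needed here (40 bytes in total).
SECTION = struct.Struct("<8sIIII16x")

def parse_sections(table: bytes):
    """Decode a raw PE section table into a list of dicts."""
    out = []
    for off in range(0, len(table) - SECTION.size + 1, SECTION.size):
        name, vsize, va, raw_size, raw_ptr = SECTION.unpack_from(table, off)
        out.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                    "vsize": vsize, "va": va,
                    "raw_size": raw_size, "raw_ptr": raw_ptr})
    return out

def rva_to_file_offset(sections, rva):
    """Return (offset, detail); offset is None when the RVA has no bytes on disk.
    rva is the address shown by the debugger minus the module's image base."""
    for s in sections:
        span = s["vsize"] or s["raw_size"]  # in-memory extent of the section
        if not (s["va"] <= rva < s["va"] + span):
            continue
        delta = rva - s["va"]
        if s["raw_size"] == 0:
            return None, f"{s['name']}: SizeOfRawData is zero"
        if delta >= s["raw_size"]:
            return None, f"{s['name']}: past the end of the raw data"
        return s["raw_ptr"] + delta, s["name"]
    return None, "not inside any section"

def _hdr(name, vsize, va, raw_size, raw_ptr):
    return SECTION.pack(name, vsize, va, raw_size, raw_ptr)

# Constructed section table (not taken from a real binary).
SAMPLE = (_hdr(b".text", 0x19F4, 0x1000, 0x1A00, 0x400) +
          _hdr(b".data", 0x3000, 0x3000, 0x200, 0x1E00) +
          _hdr(b".bss", 0x1000, 0x6000, 0, 0))

if __name__ == "__main__":
    secs = parse_sections(SAMPLE)
    for rva in (0x1234, 0x3100, 0x3800, 0x6010, 0x9000):
        print(hex(rva), rva_to_file_offset(secs, rva))
```

A patch at an address that resolves to None here changes only the process memory and cannot be written back to the file.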

Q: How do I use DWARF-format debug symbols (the MinGW -g option) with x64dbg?

Answer: x64dbg does not support DWARF symbols directly, but you can use cv2pdb to convert DWARF symbols to PDB.

Q: I want to learn reverse engineering, and I know how to program. Where do I begin?